CVE-2023-41646

Name of the Vulnerable Software and Affected Versions Buttercup version 2.20.3

Description The issue allows attackers to obtain the hash of the master password for the password manager via accessing the file /vaults.json/. This affects the Buttercup app up to version 2.20.3.

Recommendations For version 2.20.3, consider restricting access to the /vaults.json/ file until a patch is available. As a temporary workaround, avoid using the Buttercup app with sensitive information until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.